Email sender authentication with SPF, Domainkeys, or DKIM

Fri, 2008-09-26 21:35 by admin · Forum/category:

SPF (Sender Policy Framework or Sender Permitted From), Domainkeys, and DKIM (DomainKeys Identified Mail) are methods to authenticate mail senders and detect incoming mail that was not sent by whom it says it was sent. This can help to fight spam. For example, if spammers can no longer hide their domain identity by faking their sending domains, they could effectively be blacklisted.

SPF does this by adding a TXT record to the DNS (Domain Name System) stating which servers are allowed to send mail from a particular domain.

Domainkeys and its followup, DKIM add an electronic signature to each mail, whose public key is advertised also as TXT record in the DNS, usually under, where is replaced with the actual domain. The signature can be added by the local email client or by the sending mail server.

If you have a functioning Domainkeys or DKIM installation, you can test it with the following tools. "Send an email" means to send just any email, which can be empty.

In the automatic replies look for status: good, test: pass, or a similar message.

If you know any further test systems or if you find that one of the above ones consistently fails, please send an email to the webmaster.